Tuesday, April 14, 2015

Today I merged support for persistent namespaces to unshare(1). The persistent namespace does not require any running process within the namespace, and it's possible to enter the namespace with nsenter(1).

For example, let's create a new UTS namespace and set a different hostname within the
namespace:

Now there is no process in the namespace; try to enter it through the
--uts=/root/ns-uts reference:

# nsenter --uts=/root/ns-uts
# hostname
FooBar
# exit

The reference to the namespace is a bind mount of /proc/[pid]/ns/[type], so
umount(8) is enough to remove the reference:

# umount /root/ns-uts

If there is no other reference and no running process within the namespace,
then the namespace is destroyed.
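
Because each reference is an ordinary bind mount, it shows up in /proc/self/mountinfo, which gives a way to audit which namespaces are being kept alive without any process inside them. The following is an added example, not part of unshare(1) or the original post: it assumes the kernel reports these mounts with filesystem type "nsfs" and a root field of the form type:[inode]; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# List persistent namespace references (bind mounts of /proc/[pid]/ns/[type])
# found in a mountinfo file. Output: "<type> <inode> <mount point>" per line.
# Assumption: the kernel reports these mounts with filesystem type "nsfs"
# and a root field of the form type:[inode].
list_ns_refs() {
    awk '
    {
        # Fields 7.. are optional (e.g. shared:N) and end at a lone "-".
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (!sep || $(sep + 1) != "nsfs") next

        root = $4                      # e.g. uts:[4026532300]
        if (root !~ /^[a-z_]+:\[[0-9]+\]$/) next

        c = index(root, ":[")
        nstype = substr(root, 1, c - 1)
        inode  = substr(root, c + 2, length(root) - c - 2)
        print nstype, inode, $5        # $5 = where the reference is mounted
    }' "${1:-/proc/self/mountinfo}"
}

# Constructed sample input (mount IDs and inode numbers are made up).
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
310 22 0:4 uts:[4026532300] /root/ns-uts rw shared:1 - nsfs nsfs rw
311 22 0:4 net:[4026532410] /root/ns-net rw - nsfs nsfs rw
EOF
}

sample_mountinfo | list_ns_refs -
```

On a live system, call list_ns_refs with no argument to read /proc/self/mountinfo; every mount point it prints is a reference that keeps a namespace alive until it is removed with umount(8).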

It's also possible to create other types of persistent namespaces
(--net, --ipc, ...). Don't forget that if you want to create a persistent
mount namespace then the file (--mount=file) has to be on a "private"
filesystem, for example on Fedora where everything is "shared" you have
to use: